package com.gk.javaservice.config;


import com.gk.javaservice.realm.UserRealm;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.LinkedHashMap;
import java.util.Map;

/**
 * Shiro配置类
 */
@Configuration
public class ShiroConfig {

    @Bean("hashedCredentialsMatcher")
    public HashedCredentialsMatcher hashedCredentialsMatcher() {
        HashedCredentialsMatcher credentialsMatcher =
                new HashedCredentialsMatcher();
        //指定加密方式为MD5
        credentialsMatcher.setHashAlgorithmName("MD5");
        //加密次数
        credentialsMatcher.setHashIterations(1);
        credentialsMatcher.setStoredCredentialsHexEncoded(true);
        return credentialsMatcher;
    }

    @Bean("userRealm")
    public UserRealm userRealm(@Qualifier("hashedCredentialsMatcher")
                                       HashedCredentialsMatcher matcher) {

        UserRealm userRealm = new UserRealm();
        userRealm.setCredentialsMatcher(matcher);
        return userRealm;
    }

    @Bean
    public ShiroFilterFactoryBean shirFilter(@Qualifier("securityManager")
                                                     DefaultWebSecurityManager securityManager) {

        ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
        // 设置 SecurityManager
        bean.setSecurityManager(securityManager);
        // 设置登录成功跳转Url
        //bean.setSuccessUrl("/api/main");
        // 设置登录跳转Url
        bean.setLoginUrl("/main/toLogin");
        // 设置未授权提示Url
        bean.setUnauthorizedUrl("/main/unAuth");
        //支持多个访问角色
        LinkedHashMap filterMap2 = new LinkedHashMap<>();
        filterMap2.put("roleOF",new RoleFilter());
        bean.setFilters(filterMap2);
        /**
         * anon：匿名用户可访问
         * authc：登陆认证用户可访问
         * user：使用rememberMe可访问
         * perms：对应权限可访问 当有多个参数时必须每个参数都通过
         * roles：对应角色权限可访问 当有多个参数时必须每个参数都通过
         * roleOF：对应角色权限可访问 当有多个参数时只需1个参数都通过
         **/
        Map<String, String> filterMap = new LinkedHashMap<>();
        //示例
       // filterMap.put("/login","anon");
//        filterMap.put("/user/index","authc");
//        filterMap.put("/api/user/login","anon");
//        filterMap.put("/login/loginOut","authc");
//        filterMap.put("/api/user/**","roles[root]");
//        filterMap.put("/vip/**","perms[vip,mvp]");
//
//        //filterMap.put("/**","authc");
//        filterMap.put("/logout", "logout");
//        filterMap.put("/main/hasMsg","authc");
//        filterMap.put("/admin/**","authc");
//        filterMap.put("/admin/**","roles[超级管理员]");
//        filterMap.put("/main/beVip","perms[vip,mvp]");

        //实际使用
        filterMap.put("/login/login","anon");
        filterMap.put("/login/loginOut","authc");
//        filterMap.put("/admin/**","roles[administrator]");
//        filterMap.put("/admin/**","authc");
//        filterMap.put("/nurse/**","authc");
//        filterMap.put("/nurse/**","roleOF[administrator,nurse_station]");
        bean.setFilterChainDefinitionMap(filterMap);

        return bean;
    }

    /**
     * 注入 securityManager
     */
    @Bean(name="securityManager")
    public DefaultWebSecurityManager getDefaultWebSecurityManager(
            HashedCredentialsMatcher hashedCredentialsMatcher) {

        DefaultWebSecurityManager securityManager =
                new DefaultWebSecurityManager();
        // 关联realm.
        securityManager.setRealm(userRealm(hashedCredentialsMatcher));
        return securityManager;
    }
}

